[MPlayer-dev-eng] [RFC] libnut demuxer API
Michael Niedermayer
michaelni at gmx.at
Thu Sep 8 18:35:01 CEST 2005
Hi
On Thu, Sep 08, 2005 at 06:16:09PM +0300, Uoti A Urpala wrote:
> > On Thu, Sep 08, 2005 at 05:33:02PM +0300, Oded Shimon wrote:
> > > after the malloc, and program will crash for trying to write to NULL. A
> > > crash is just about as good as a silly error message "out of memory", as
> > > that never happens anyway (if it does, you got bigger problems to worry
> > > about :).
>
> Michael Niedermayer wrote:
> > well, no i disagree
> > * a lib should not die if it runs out of memory, as it might be due to buggy
> > parameters / buggy input stream which cause it, for example a input file with
> > 1<<31 streams or so, its nonsense but should not lead to a crash of the app
> > just imagine a video editor which has unsaved stuff
>
> Doing this properly requires sanity checking the values beforehand,
> just checking the return value from malloc afterwards isn't enough. An
certainly, and my example would be caught by them but they alone arent
enough
> excessively large allocation will likely lead to the application dying
> later even if malloc doesn't return NULL immediately. Personally I'd
> use a malloc wrapper that prints an error and exits instead of
well, thats ok for an application but not for a lib, consider printf()
crashing your editor and taking your hard work with itself to /dev/null
due to lack of memory
> returning NULL (if sane malloc sizes start failing you're dead anyway)
that depends upon your definition of sane, no doubt you can limit things
so narrowy that thats true but i belive that neither users nor developers
would accept such narrow limits everywhere
[...]
--
Michael
More information about the MPlayer-dev-eng
mailing list